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Art Unit: 2137 

DETAILED ACTION 
Claim Objections 

Claims 2 and 16 are objected to under 37 CFR 1 .75(c), as being of improper 
5 dependent fonn for failing to furtlier limit the subject matter of a previous claim (Claim 
1). Applicant is required to cancel the claim(s), or amend the claim(s) to place the 
claim(s) in proper dependent fonn, or rewrite the claim(s) In independent fonn. Claim 1 
includes all the limitations of claim 2. The addition of the phrase "proxy" in claim 16 fails 
to further limit parent claim 12 as claim 12 describes the transfer of files from a 
10 repository to a client through a secure third party acting on their behalf, i.e. a proxy 
transfer. 



Ciaim Rejections - 35 USC § 102 
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
1 5 form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

20 

Claims 1-9, 12-17, 19-22, and 24-34 are rejected under 35 U.S.C. 102(b) as 
being anticipated by Lin et al. (U.S. Patent No. 6,052,785) 



25 



As per claim 1 , Lin discloses a network media access controller providing a 
centralized control point for managing secure data storage in a networi<-attached data 
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storage subsystem, said network media access controller comprising: 

a) a first network interface coupleable through a first network connection to a network- 
attached data storage subsystem including a storage device (remote data repositories), 
wherein said network-attached data storage subsystem is responsive to a data storage 

5 command (request) to store first data to said storage device; 

b) a second network interface coupleable through a second network connection to a 
client computer system, wherein said client computer system selectively provides said 
data storage command with respect to second data; and 

c) a network data processor (server) coupled to said first network interface to provide 
10 said data storage command and first data to said second network interface to receive 

said data storage command and second datja, said network data processor including an 
encryptor coupled to selectively encrypt said second data to provide said first data 
based on an encryption key corresponding to said storage device (CRYPTOPS) (col. 3 
lines 52-63; col.5 line 57 thru col.6 line 24). 

15 

As per claim 2, Lin discloses the network media access controller of claim 1 
wherein said encryption key is determined by said network data processor to 
correspond to said storage device (col.5 line 57 thru col.6 line 24). 



20 



As per claim 3, Lin discloses the network media access controller of claim 2 
wherein said storage device is a logical storage unit within said network-attached 
storage subsystem (col.5 lines 4-13). 
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As per claim 4. Lin discloses the network media access controller of claim 3 
wherein said network data processor includes a data table storing a plurality of 
encryption keys (session ids), including said encryption key, correlated against a 
5 plurality of logical storage unit identifiers (access drives), including an identifier of said 
logical storage unit (col.6 lines 38-59). 



As per claim 5, Lin discloses the network media access controller of claim 4 
wherein said data storage command includes an identification of said logical storage 
1 0 unit (coL3 lines 56-63). 



As per claim 6, Lin discloses the network media access controller of claim 5 
wherein said network data processor includes a map table storing initiator logical 
storage unit identifiers and target logical storage unit identifiers wherein said network 
1 5 access controller maps said identification provided by said data storage command 
through said table to select a target logical storage identifier corresponding to said 
logical storage unit (col.3 lines 56-63). 



As per claim 7, Lin discloses a network storage access controller comprising: 
20 a) a first network interface coupleable to an initiator network accessible by a plurality of 
network clients to exchange first network data, wherein said first network data contains 
unencrypted media-level storage data; 
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b) a second network interface coupleable to a target network through which a plurality of 
network storage volumes are accessible to exchange second network data, wherein 
said second network data contains encrypted media*level storage data; and 

c) a controller coupled between said first and second network interfaces operative to 
5 convert between said first and second network data, said controller including a crypto 

processor to encrypt and decrypt media-level storage data contained in said first and 
second network data (CRYPTOPS) (col.3 lines 52-63; col.5 line 57 thru col.6 line 24; 
col.7 lines 55-57). 



10 As per claim 8, Lin discloses the network storage access controller of claim 7 

wherein said controller includes a plurality of crypto keys having predetermined 
association with said plurality of network storage volumes and wherein said controller is 
operative to selectively apply said plurality of crypto keys to convert between said first 
and second network data (col.3 lines 48-51 ;col.7 lines 48-57). 

15 

As per claim 9, Lin discloses the network storage access controller of claim 8 
wherein said first and second network data includes predetermined network data 
packets that encapsulate media-level storage data, wherein said controller is operative 
to process encapsulated media-level storage data through said crypto processor 
20 selectively associated with a predetermined one of said crypto keys (col.5 line 57 thru 
col.6 line 23; col.7 lines 48-57). 
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As per claim 12, Lin discloses a network storage controller supporting client 
access to network attached data storage, said network controller being coupleable in a 
communications network between a plurality of client computers and a plurality of data 
stores, wherein said network storage controller provides for the transfer of network data 
5 between said client computers and said data stores, wherein said network data includes 
media-level data and wherein said network access controller provides for the selective 
encryption and decryption of said media-level data transferred with respect to said 
plurality of data stores (col. 3 lines 52-63; col.5 line 57 thru col.6 line 24), 

10 As per claim 13, Lin discloses the network storage controller of claim 12 wherein 

the transfer of network data between said client computer and said data stores is 
directed subject to an access management policy autonomously implemented by said 
network storage controller (col.6 lines 25-36). 

15 As per claim 14, Lin discloses the network storage controller of claim 13 wherein 

said access management policy defines a correspondence between said data stores 
and a plurality of encryption keys stored by said network storage controller (col.6 lines 
38-49). 



20 



As per claim 15, Lin discloses the network storage controller of claim 14 wherein 
said access management policy defines a correspondence of data access permissions 
between users and said data stores (col.6 lines 38-49). 
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As per claim 16, Lin discloses the network storage controller of claim 12 wherein 
said network storage controller provides for the proxy transfer of network data between 
said client computers and said data stores (col. 3 lines 52-63; col.5 line 57 thru col.6 line 
5 24). 

As per claim 17, Lin discloses a network media access controller configures as a 
network proxy portal to provide storage security for clients with respect to network 
attached storage devices, said network media access controlled comprising a network 

10 data processor (server) coupleable between an initiator network (clients) and a target 
network (remote storage units) to provide for the proxy transfer of predetemnined 
network protocol data packets containing media-level data between said initiator (client) 
and target (storage) networks, said network data processor being operative to 
selectively process said predetemnined network protocol data packets to encrypt and 

1 5 decrypt media-level data (col.3 lines 52-63; col.5 line 57 thru col.6 line 24). 

As per claim 19, Lin discloses the network media access controller of claim 17 
wherein said network data processor includes a plurality of encryption keys and wherein 
network data processor selectively processes said predetermined network protocol data 
20 packets based on a predefined correspondence between said plurality of encryption 
keys and a plurality of target storage resources accessible via said target network (col.3 
lines 52-63; col.5 line 57 thru col.6 line 24). 
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As per claim 20, Lin discloses the network media access controller of claim 19 
wherein said predefined correspondence supports a proxy mapping of a plurality of 
virtual target storage devices accessible via said initiator network by a plurality of client 
5 computer systems to said plurality of target storage resources accessible via target 
network (col.5 lines 4-13). 

As per claim 21 , Lin discloses the network media access controlled of claim 20 
wherein said predefined correspondence is associated with said plurality of virtual target 
10 storage devices (col.5 lines 4-13). 

As per claim 22, Lin discloses the network media access controlled of claim 21 
wherein said network data processor implements a data packet filter (file system 
gateways) to selectively provide for the proxy transfer of predetermined network 
1 5 protocol data packets (col.6 lines 25-36). 

As per claim 24, Lin discloses a method of providing secure storage of data over 
a network connection, said method comprising the steps of: 

a) first processing network data packets, transferred over a network between a client 
20 computer system and a storage system, to identify predetermined network data packets 
containing media-level data; 
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b) second processing said predetermined network data packets to encrypt the media- 
level data contained in said predetermined network data packets being transferred to 
said storage system and to decrypt the media-level data contained in said 
predetermined network data packets being transferred to said client computer system 
5 (col.3 lines 52-63; col.5 line 57 thru col.6 line 24). 

As per claim 25, Lin discloses the method of claim 24 wherein said storage 
system includes a plurality of storage resources and wherein said step of first 
processing determined a target storage resource from a predetermined network data 
10 packet, said method further comprising the step of selecting an encryption key 

corresponding to said target storage resource for use in connection with said second 
processing step with respect to said predetermined network data packet (col.5 line 57 
thru col.6 line 23; col.7 lines 48-57). 

15 As per claim 26, Lin discloses the method of claim 25 further comprising the step 

of selectively filtering (with file system gateways) network data packets permitted to be 
transferred over said network between said client computer system and said storage 
system (col.6 lines 25-36). 

20 As per claim 27, Lin discloses the method of claim 26 further comprising the 

steps of: 



Application/Control Number: 10/016,897 Page 10 

Art Unit: 2137 

a) providing a plurality of virtual storage resources as target storage resources for said 
client computer system (col.5 lines 4-13); and 

b) providing a mapping of said plurality of virtual storage resources to said plurality of 
storage resources wherein said mapping is used in said first processing step to transfer 

5 network data packets over said network between said client computer system and said 
storage system (col.6 lines 25-59). 

As per claim 28, Lin discloses a method of managing the secure storage of data 
in a network attached storage system, said method comprising the steps of: 

10 a) establishing a network storage portal (server) through which network storage data 
packets are passed between a client computer system and a network data store; and 
b) crypto processing, on passage through said network storage portal, media-level data 
contained within network storage data packets to selectively encrypt, at said network 
storage portal, media-level data passed to said network data store and selectively 

15 encrypt, at said network storage portal, media-level data passed from said network data 
store (col.3 lines 52-63; col.5 line 57 thru col.6 line 24). 

As per claim 29, Lin discloses the method of claim 28 wherein said network data 
store includes a plurality of network data store resources, said method further 
20 comprising the step of associating, at said network storage portal, media-level data 
encryption keys with said network data store resources to control the encryption and 
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decryption of media-level data passed to and from said plurality of network data store 
resources (col.3 lines 52-63; col.5 line 57 thru col.6 line 24). 

As per claim 30, Lin discloses the method of claim 29 further comprising the step 
5 of providing, at said network storage portal, for the management of a defined key 
correspondence between said plurality of media-level data encryption keys and said 
plurality of network data store resources (col.5 line 51 thru col.6 line 24). 

As per claim 31 , Lin discloses the method of claim 30 further comprising the 
1 0 steps of: 

a) presenting, at said network storage portal, a plurality of virtual network data storage 
resources to said client computer system as targets for network storage data packets; 
and 

b) mapping, at said network storage portal, said plurality of virtual network data store 
15 resources to said plurality of network data store resources, wherein said step of 

providing further provides for the management of a defined map correspondence 
between said plurality of virtual network data storage resources to said plurality of 
network data storage resources (col.6 lines 25-59). 



20 



As per claim 32, Lin discloses the method of claim 31 further comprising the step 
of filtering, at said network storage portal, the network storage data packets passed 
between said client computer system and said network data store, wherein said step of 
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providing further provides for the management of a filter rule set used in said filtering 
step to determine which network storage data packets are passed between said client 
computer system and said network data store (col.6 lines 25-36). 



5 As per claim 33, Lin discloses the method claim 32 wherein said step of providing 

supports access by a management server to establish said defined key 
correspondence, said defined map, and said filter rule set (credential management 
system and file system gateways) (col. 5 line 35 thru coL6 line 59). 

10 As per claim 34, Lin discloses a network media access controller comprising: 

a) an initiator network interface coupleable through a first network to a client initiator 
(client system) (col.5 lines 4-7); 

b) a target network interface coupleable through a second network to a storage target 
(remote file system) (col.5 lines 7-13); and 

15 c) a network data processor (server) coupled between said initiator and target network 
interfaces, wherein said client initiator and storage target communicate storage data 
over said first and second networks using a data transfer protocol (SSL/SHTTP) 
encapsulated by a network communications protocol (TCP/IP), wherein said data 
transfer protocol provides for the storage and retrieval of media-level data, wherein said 

20 network data processor (server) is operative to transfer network data packets 

confonning to said network communications protocol between said initiator and target 
network interfaces, said network data processor being further operative to selectively 
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encrypt an decrypt media-level data contained within network data packets transferred 
between said initiator and target network interfaces (CRYPTOPS) (col. 3 lines 52-63; 
col.5 line 57 tliru col.6 line 24). 

5 Claims 1-36 are rejected under 35 U.S.C. 102(b) as being anticipated by 

Berger et al. (U.S. Patent No. 5,850,446) 

As per claim 1 , Berger discloses a network media access controller providing a 
centralized control point for managing secure data storage in a network-attached data 

10 storage subsystem, said network media access controller comprising: 

a) a first network interface coupleable through a first network connection to a network- 
attached data storage subsystem including a storage device (hosts/virtual circuits), 
wherein said network-attached data storage subsystem is responsive to a data storage 
command to store first data to said storage device; 

15 b) a second network interface coupleable through a second network connection to a 
client computer system (customer/merchant computers), wherein said client computer 
system selectively provides said data storage command with respect to second data 
(col.6 line 58-coL7 line 16); and 

c) a network data processor (gateway) coupled to said first network interface to provide 
20 said data storage command and first data to said second network interface to receive 
said data storage command (requests) and second data, said network data processor 
including an encryptor (encryptor/decryptor 2120) coupled to selectively encrypt said 
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second data to provide said first data based on an encryption l<ey corresponding to said 
storage device (Abstract; Figs 21 A, 22). 



As per claim 2, Berger discloses the network media access controller of claim 1 
5 wherein said encryption key is detennined by said network data processor to 
correspond to said storage device (col. 14 lines 1-26, 52-58). 



As per claim 3, Berger discloses the network media access controller of claim 2 
wherein said storage device is a logical storage unit within said network-attached 
10 storage subsystem (col. 121 line 63 thru col. 122 line 4). 

As per claim 4, Berger discloses the network media access controller of claim 3 
wherein said network data processor includes a data table storing a plurality of 
encryption keys, including said encryption key, correlated against a plurality of logical 
15 storage unit identifiers, including an identifier of said logical storage unit (col.30 lines 18- 
43; col.41 lines 1-50). 



20 



As per claim 5. Berger discloses the network media access controller of claim 4 
wherein said data storage command includes an identification of said logical storage 
unit (col. 17 lines 53-61). 
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As per claim 6, Berger discloses the network media access controller of claim 5 
wherein said network data processor includes a map table storing initiator logical 
storage unit identifiers and target logical storage unit identifiers wherein said network 
access controller maps said identification provided by said data storage command 
5 through said table to select a target logical storage identifier corresponding to said 
logical storage unit (col. 122 lines 5-50). 



As per claim 7, Berger discloses a network storage access controller comprising: 

a) a first network interface coupleable to an initiator network accessible by a plurality of 
10 network clients (customers/merchants) to exchange first network data, wherein said first 

network data contains unencrypted media-level storage data; 

b) a second network interface coupleable to a target network through which a plurality of 
network storage volumes (hosts/virtual circuits) are accessible to exchange second 
network data, wherein said second network data contains encrypted media-level 

1 5 storage data; and 

c) a controller (gateway) coupled between said first and second network interfaces 
operative to convert between said first and second network data, said controller 
including a crypto processor (2120) to encrypt and decrypt media-level storage data 
contained in said first and second network data (col.6 line 58-col.7 line 16; Abstract; 

20 Figs21A,22). 
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As per claim 8. Berger discloses the network storage access controller of claim 7 
wherein said controller includes a plurality of crypto keys having predetemiined 
association with said plurality of network storage volumes and wherein said controller is 
operative to selectively apply said plurality of crypto keys to convert between said first 
and second network data (col.14 lines 1-26, 52-58). 

As per claim 9, Berger discloses the network storage access controller of claim 8 
wherein said first and second network data includes predetermined network data 
packets that encapsulate media-level storage data, wherein said controller is operative 
to process encapsulated media-level storage data through said crypto processor 
selectively associated with a predetermined one of said crypto keys (col. 15 lines 1-26, 
52-58). 

As per claim 10, Berger discloses the network storage access controller of claim 

9 wherein said predetemiined network data packets encapsulates SCSI protocol data 
(col.3 lines 31-43; col. 124 lines 15-40). 

As per claim 1 1 , Berger discloses the network storage access controller of claim 

10 wherein said predetemnined network data packets conform to the iSCSI protocol 
(col.3 lines 31-43; col. 124 lines 15-40). 
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As per claim 12, Berger discloses a network storage controller (gateway) 
supporting client (customer/merchant) access to network attached data storage 
(hosts/virtual storage), said network controller being coupleable in a communications 
network between a plurality of client computers and a plurality of data stores, wherein 
5 said network storage controller provides for the transfer of network data between said 
client computers and said data stores, wherein said network data includes media-level 
data and wherein said network access controller provides for the selective encryption 
and decryption of said media-level data transferred with respect to said plurality of data 
stores (col.6 line 58-coL7 line 16; Abstract; Figs 21 A. 22). 

0 

As per claim 13, Berger discloses the network storage controller of claim 12 
wherein the transfer of network data between said client computer and said data stores 
is directed subject to an access management policy autonomously implemented by said 
network storage controller (gateway) (col. 122 lines 5-50). 

5 

As per claim 14, Berger discloses the network storage controller of claim 13 
wherein said access management policy defines a correspondence between said data 
stores and a plurality of encryption keys stored by said network storage controller 
(gateway) (col. 122 lines 5-50). 



20 
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As per claim 15, Berger discloses the network storage controller of claim 14 
wherein said access management policy defines a correspondence of data access 
permissions between users and said data stores (col.41 lines 1-24). 

5 As per claim 16, Berger discloses the network storage controller of claim 12 

wherein said network storage controller provides for the proxy transfer of network data 
between said client computers and said data stores (col. 15 lines 17-21). 

As per claim 17, Berger discloses a network media access controller (gateway) 
10 configured as a network proxy portal to provide storage security for clients with respect 
to network attached storage devices (hosts/virtual circuits), said network media access 
controlled comprising a network data processor coupleable between an initiator network 
(customers/merchants) and a target network (host/secure financial databases) to 
provide for the proxy transfer of predetennined network protocol data packets 
15 containing media-level data between said initiator and target networks, said network 
data processor being operative to selectively process said predetermined network 
protocol data packets to encrypt and decrypt media-level data (col.6 line 58-col.7 line 
16; Abstract; Figs 21 A, 22). 



20 



As per claim 18, Berger discloses the network media access controller of claim 
17 wherein said predetermined network protocol data packets to conform to the iSCSI 
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protocol and wherein said media-level data is SCSI media data (col.3 lines 31-43; 
col. 124 lines 15-40). 



As per claim 1 9, Berger discloses the network media access controller of claim 
5 17 wherein said network data processor includes a plurality of encryption keys and 
wherein network data processor selectively processes said predetermined network 
protocol data packets based on a predefined correspondence between said plurality of 
encryption keys and a plurality of target storage resources accessible via said target 
network (col. 14 lines 1-26, 52-58). 

10 

As per claim 20, Berger discloses the network media access controller of claim 
19 wherein said predefined correspondence supports a proxy mapping of a plurality of 
virtual target storage devices accessible via said initiator network by a plurality of client 
computer systems to said plurality of target storage resources accessible via target 
15 network (col. 122 lines 5-50). 



As per claim 21 , Berger discloses the network media access controlled of claim 

20 wherein said predefined correspondence is associated with said plurality of virtual 
target storage devices (col.121 lines 31-42). 

20 

As per claim 22, Berger discloses the network media access controlled of claim 

21 wherein said network data processor implements a data packet filter (gateway 
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schemas) to selectively provide for the proxy transfer of predetermined iietwork protocol 
data packets (col.15 lines 17-21). 

As per claim 23, Berger discloses the network media access controller of claim 
5 22 wherein said predetemilned network protocol data packets conform to the iSCSI 

protocol and wherein said nriedia-level data is SCSI media data (col.3 lines 31-43; 
Gol.124 lines 15-40). 

As per claim 24, Berger discloses a method of providing secure storage of data 
10 over a network connection, said method comprising the steps of: 

a) first processing network data packets, transferred over a network between a client 
computer system (customers/merchants) and a storage system (host), to identify 
predetermined network data packets containing media-level data; 

b) second processing said predetermined network data packets to encrypt the media- 
15 level data contained in said predetermined network data packets being transferred to 

said storage system and to decrypt the media-level data contained in said 
predetermined network data packets being transferred to said client computer system 
(Abstract; col.4 lines 54-57; coL14 lines 1-26, 52-58; col.17 lines 18-30). 



20 



As per claim 25, Berger discloses the method of claim 24 wherein said storage 
system includes a plurality of storage resources and wherein said step of first 
processing detemiined a target storage resources from a predetermined network data 
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packet, said method further comprising the step of selecting an encryption key 
corresponding to said target storage resource for use In connection with said second 
processing step with respect to said predetennined networl< data pacl<et (col. 17 lines 
53-61; col. 14 lines 1-26, 52-58). 

As per claim 26, Berger discloses the method of claim 25 further comprising the 
step of selectively filtering network data packets pennitted to be transferred over said 
network between said client computer system and said storage system (col.4 lines 54- 
57). 

As per claim 27, Berger discloses the method of claim 26 further comprising the 
steps of: 

a) providing a plurality of virtual storage resources as target storage resources for said 
client computer system (col. 121 lines 31-42); and 

b) providing a mapping of said plurality of virtual storage resources to said plurality of 
storage resources wherein said mapping is used in said first processing step to transfer 
network data packets over said network between said client computer system and said 
storage system (col. 122 lines 5-50; col. 17 lines 53-61). 

As per claim 28, Berger discloses a method of managing the secure storage of 
data in a network attached storage system, said method comprising the steps of: 
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a) establishing a network storage portal (gateway) through which network storage data 
packets are passed between a client computer system (customers/merchants) and a 
network data store (host/virtual circuit); and 

b) crypto processing, on passage through said network storage portal, media-level data 
5 contained within network storage data packets to selectively encrypt, at said network 

storage portal, media-level data passed to said network data store and selectively 
encrypt, at said network storage portal, media-level data passed from said network data 
store (Abstract; col.4 lines 54-57; col.14 lines 1-26, 52-58; coL17 lines 18-30). 



10 As per claim 29, Berger discloses the method of claim 28 wherein said network 

data store includes a plurality of network data store resources, said method further 
comprising the step of associating, at said network storage portal, media-level data 
encryption keys with said network data store resources to control the encryption and 
decryption of media-level data passed to and from said plurality of network data store 

15 resources (col.14 lines 1-26, 52-58). 



As per claim 30, Berger discloses the method of claim 29 further comprising the 
step of providing, at said network storage portal, for the management of a defined key 
correspondence between said plurality of media-level data encryption keys and said 
20 plurality of network data store resources(col.14 lines 1-26, 52-58). 
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As per claim 31 , Berger discloses the method of claim 30 further comprising the 
steps of: 

a) presenting, at said network storage portal, a plurality of virtual network data storage 
resources to said client computer system as targets for network storage data 

5 packets(col.121 lines 31-42); and 

b) mapping, at said network storage portal, said plurality of virtual network data store 
resources to said plurality of network data store resources, wherein said step of 
providing further provides for the management of a defined map correspondence 
between said plurality of virtual network data storage resources to said plurality of 

10 network data storage resources (col. 122 lines 5-50; col. 17 lines 53-61). 



As per claim 32, Berger discloses the method of claim 31 further comprising the 
step of filtering, at said network storage portal, the network storage data packets passed 
between said client computer system and said network data store, wherein said step of 
1 5 providing further provides for the management of a filter rule set used in said filtering 
step to detennlne which network storage data packets are passed between said client 
computer system and said network data store (col.4 lines 54-57). (col. 15 lines 17-21). 



As per claim 33, Berger discloses the method claim 32 wherein said step of 
20 providing supports access by a management server to establish said defined key 
correspondence, said defined map, and said filter rule set (col.30 lines 18-43; col.41 
lines 1-50; col. 122 lines 5-50). 
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As per claim 34, Berger discloses a network media access controller comprising: 
a) an initiator network interface coupleable through a first network to a client initiator 
(customer/merchant), 

5 b) a target network interface coupleable through a second network to a storage target 
(host/virtual circuit); and 

c) a network data processor coupled between said initiator and target network 
interfaces, wherein said client initiator and storage target communicate storage data 
over said first and second networks using a data transfer protocol (TCP) encapsulated 

10 by a (secure) network communications protocol, wherein said data transfer protocol 
provides for the storage and retrieval of media-level data, wherein said network data 
processor is operative to transfer network data packets conforming to said network 
communications protocol between said initiator and target network interfaces, said 
network data processor being further operative to selectively encrypt an decrypt media- 

15 level data contained within network data packets transferred between said initiator and 
target network interfaces (col.1 1 lines 44-67; col. 13 lines 23-36); 

As per claim 35, Berger discloses the network media access controller of claim 
34 wherein said data transfer protocol is the SCSI protocol (col.3 lines 31-43; col. 124 
20 lines 15-40). 
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As per claim 36, Berger discloses the network media access controller of claim 
35 wherein said network communications protocol is the iSCSI protocol (col.3 lines 31- 
43; col. 124 lines 15-40). 



Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Tamara Teslovich whose telephone number is (571) 
272-4241. The examiner can normally be reached on Mon-Fri 8-4:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
10 supervisor, Andrew Caldwell can be reached on (571) 272-3868. The fax phone 
number for the organization where this application or proceeding is assigned is 703- 
872-9306. 

Infonnation regarding the status of an application may be obtained from the 
Patent Application Infomnation Retrieval (PAIR) system. Status information for 
1 5 published applications may be obtained from either Private PAIR or Public PAIR. 

Status infonnation for unpublished applications is available through Private PAIR only. 
For more infonnation about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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